<?php
	require_once('/ticket/ticket_functions.php');
	require_once('/email/email.php');
	require_once('globals.php');
?>
<!DOCTYPE html>
<html>
<head>
	<link href="style.css" rel="Stylesheet" type="text/css" />
</head>
<body>
	<div class="PostContainer">	
		<div class="Post">
			<div class="PostHeader">
				Reset Password
			</div>
			<div class="PostContent">
				<form action="new_password.php" method="post">
					<p><h3>Enter your new password (must match) to reset it.</h3></p>					
					<p>Password: <input type="password" name="password1"></p>
					<p>Password: <input type="password" name="password2"></p>
					<p><input type="submit" name="resetPasswordSubmit" value="Reset Password"></p>
					<p><a href="login.php">Login</a></p>
					<p>
						<div id="message">
						</div>
					</p>
<?php
	if(isset($_GET['id'])):
		$randomID = $_GET['id'];
		echo '<input type="hidden" name="id" value="' . $randomID . '">';
	endif;
	if(isset($_POST['id'])):
		$randomID = $_POST['id'];
		echo '<input type="hidden" name="id" value="' . $randomID . '">';
	endif;
?>
				</form>
			</div>
		</div>
	</div>

<?php

	// echo generateRandomID(25) . "<br/>";
	if($_SERVER['REQUEST_METHOD'] == 'POST'):
		if(isset($_POST['resetPasswordSubmit'])):
			handlePost();				
		endif;
	elseif ($_SERVER['REQUEST_METHOD'] == 'GET'):
		if(isset($_GET['id'])):
			$randomID = $_GET['id'];
			if(idHasBeenRedeemed($randomID)):
				echo "<p>This ID has been redeemed already.</p>";
			else:
				// do nothing. Wait for submit.
			endif;
		else:
			header("Location: admin_login.php");
		endif;
	endif;
	
	function handlePost()
	{
		$randomID = $_POST['id'];
		if(idHasBeenRedeemed($randomID)):
			displayJavascriptAlert("This ID was already redeemed.");	
			return;
		endif;
		$password1 = $_POST['password1'];
		$password2 = $_POST['password2'];
		if(!empty($password1) && strcmp($password1, $password2) == 0 ):
			resetPassword($password1, $randomID);
		else:
			displayJavascriptAlert("Enter your password twice and make sure it matches.");			
		endif;
	}
	
	function resetPassword($password1, $randomID)
	{
		if(updateAdminPasswordInDatabase($password1, $randomID)):
			updateIDbecauseItWasRedeemed($randomID);
			displayJavascriptAlert("Your password has been changed.");
		else:
			// some error
		endif;
	}
	
	function updateIDbecauseItWasRedeemed($randomID)
	{	
		require('\private\mysqli_connect.php');
		$query = 	"update reset_password set redeemed = true where random_id='" . $randomID . "'";
		$result = $db->query($query);
		
		if($result):
			// echo "success<br/>";
			concatElementByID("message", "Your password was updated.");
			return true;
		else:
			concatElementByID("message", "failure: " . $db->error);
			echo $db->error . "<br/>";
			return false;
		endif;
	}
	
	function updateAdminPasswordInDatabase($password1, $randomID)
	{
		require('\private\mysqli_connect.php');
		$query = 	"update users set password=SHA1('" . $password1 . "')
					where user_id = (select user_id from reset_password where random_id = '" 
						. $randomID . "')";
		$result = $db->query($query);
		
		if($result):
			// echo "success<br/>";
			concatElementByID("message", "success");
			return true;
		else:
			concatElementByID("message", "failure: " . $db->error);
			echo $db->error . "<br/>";
			return false;
		endif;
	}	
	
	function idHasBeenRedeemed($randomID)
	{
		require('\private\mysqli_connect.php');
		$query = "select reset_id from reset_password where random_id = '" . $randomID . "' and redeemed = false";
		$result = $db->query($query);
		
		if($result->num_rows > 0):
			return false;
		else:
			return true;
		endif;
	}
?>